|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[ISSForum] Third party BlackICE advisory
From: Washburn, Lisa (ISSAtlanta) (LWashburn
iss.net)
Date: Wed Jan 28 2004 - 08:32:56 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
ISS Customers,
A third party, Secure Network Operations, has released an advisory for a local buffer overflow in BlackICE. You can access that advisory here: http://archives.neohapsis.com/archives/fulldisclosure/2004-01/1145.html. This issue has been classified as low-severity by the ISS X-Force. It is only exploitable in limited cases that will not affect the vast majority of the BlackICE install-base. In order to leverage this to elevate privileges locally, an attacker would need to be already authenticated to the target machine or somehow be able to access the BlackICE GUI or configuration files. This issue is not remotely exploitable in and of itself, therefore, ISS X-Force does not consider this issue to be a major security risk.
Although the severity of this issue is considered low by X-Force, ISS has included a bug fix for this issue in its latest BlackICE update to address any potential concerns for our customers. Updates are available from the ISS website at: http://www.iss.net/download/.
_______________________________________________
ISSForum mailing list
ISSForumiss.net
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]